If you’ve ever had a SoundCloud account, now might be a good time to double-check your security settings.
Reports indicate that the music streaming platform suffered a major data breach, exposing information tied to nearly 30 million users. The incident, first detected in December 2025, reportedly enabled attackers to link private email addresses with public profile details, such as usernames and follower counts.
While SoundCloud passwords, payment data, and private messages were not included in the breach, the exposure still poses risks. Cybersecurity experts warn that it can increase phishing, impersonation, and targeted scams for both everyday listeners and creators.
What happened in the SoundCloud breach
SoundCloud was reported to have discovered unauthorized activity in December 2025 that enabled attackers to map private email addresses to public profile information at scale.
According to Centraleyes, the breach didn’t involve a direct break-in to SoundCloud’s main user database. Instead, attackers allegedly gained access to an internal system and used it to connect private email addresses with public profile information. This allowed them to build a large dataset linking user identities and contact details at scale,” Centraleyes noted.
The breach later appeared in Have I Been Pwned, which listed approximately 29.8 million affected accounts and confirmed the incident was added to its database in January 2026.
What information was exposed
According to Have I Been Pwned, the compromised dataset included unique email addresses and publicly available profile information.
The exposed data included names, usernames, avatars, follower and following counts, and in some cases, geographic location details. After allegedly attempting to extort SoundCloud, the attackers publicly released the data the following month.
Have I Been Pwned noted that passwords, payment information, and private messages were not part of the breach? That reduces the likelihood of direct account takeover on SoundCloud itself, but the privacy impact is still significant.
Centraleyes also emphasized that linking email addresses with profile identities can make it easier for attackers to craft convincing phishing emails that appear legitimate. “This can affect other services you use, especially if you reuse passwords,” Centraleyes added.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
What users should know
Even when passwords are not exposed, breaches involving email addresses can still create security problems. Attackers often use leaked emails to launch phishing campaigns or test credentials across other platforms where people may reuse passwords.
This kind of exposure also makes it easier for scammers to send convincing messages that appear tied to your SoundCloud identity, especially for artists, podcasters, and creators with public audiences.
Have I Been Pwned recommended that users change reused passwords immediately and enable two-factor authentication wherever possible. Users can also check if their email has been compromised in a data breach by searching the Have I Been Pwned website.
Further reading: Want to avoid a data breach? Learn how to effectively manage a data breach with our in-depth guide.